From: Victor Julien <victor@inliniac.net>
Date: Fri, 2 Oct 2015 18:29:55 +0000 (+0200)
Subject: detect: set new defaults for grouping
X-Git-Tag: suricata-3.1RC1~365
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10b049304f36f55536b28ffb30c818f6ae795ce1;p=thirdparty%2Fsuricata.git

detect: set new defaults for grouping
---

diff --git a/src/detect-engine.c b/src/detect-engine.c
index af3343c973..f61c0c347c 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1103,13 +1103,13 @@ static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     opt = NULL;
     switch (profile) {
         case ENGINE_PROFILE_LOW:
-            de_ctx->max_uniq_toclient_groups = 3;
-            de_ctx->max_uniq_toserver_groups = 3;
+            de_ctx->max_uniq_toclient_groups = 15;
+            de_ctx->max_uniq_toserver_groups = 25;
             break;
 
         case ENGINE_PROFILE_HIGH:
-            de_ctx->max_uniq_toclient_groups = 20;
-            de_ctx->max_uniq_toserver_groups = 40;
+            de_ctx->max_uniq_toclient_groups = 75;
+            de_ctx->max_uniq_toserver_groups = 75;
             break;
 
         case ENGINE_PROFILE_CUSTOM:
@@ -1124,28 +1124,32 @@ static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
             if (max_uniq_toclient_groups_str != NULL) {
                 if (ByteExtractStringUint16(&de_ctx->max_uniq_toclient_groups, 10,
                     strlen(max_uniq_toclient_groups_str),
-                    (const char *)max_uniq_toclient_groups_str) <= 0) {
-                    de_ctx->max_uniq_toclient_groups = 6;
+                    (const char *)max_uniq_toclient_groups_str) <= 0)
+                {
+                    de_ctx->max_uniq_toclient_groups = 20;
+
                     SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
                             "toclient-groups failed, using %u",
                             max_uniq_toclient_groups_str,
                             de_ctx->max_uniq_toclient_groups);
                 }
             } else {
-                de_ctx->max_uniq_toclient_groups = 6;
+                de_ctx->max_uniq_toclient_groups = 20;
             }
             if (max_uniq_toserver_groups_str != NULL) {
                 if (ByteExtractStringUint16(&de_ctx->max_uniq_toserver_groups, 10,
                     strlen(max_uniq_toserver_groups_str),
-                    (const char *)max_uniq_toserver_groups_str) <= 0) {
-                    de_ctx->max_uniq_toserver_groups = 30;
+                    (const char *)max_uniq_toserver_groups_str) <= 0)
+                {
+                    de_ctx->max_uniq_toserver_groups = 40;
+
                     SCLogWarning(SC_ERR_SIZE_PARSE, "parsing '%s' for "
                             "toserver-groups failed, using %u",
                             max_uniq_toserver_groups_str,
                             de_ctx->max_uniq_toserver_groups);
                 }
             } else {
-                de_ctx->max_uniq_toserver_groups = 30;
+                de_ctx->max_uniq_toserver_groups = 40;
             }
             break;
 
@@ -1153,8 +1157,8 @@ static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
         case ENGINE_PROFILE_MEDIUM:
         case ENGINE_PROFILE_UNKNOWN:
         default:
-            de_ctx->max_uniq_toclient_groups = 6;
-            de_ctx->max_uniq_toserver_groups = 30;
+            de_ctx->max_uniq_toclient_groups = 20;
+            de_ctx->max_uniq_toserver_groups = 40;
             break;
     }
 
@@ -3183,8 +3187,8 @@ static int DetectEngineTest09(void)
     if (de_ctx == NULL)
         goto end;
 
-    if (de_ctx->max_uniq_toclient_groups ==  6 &&
-        de_ctx->max_uniq_toserver_groups == 30)
+    if (de_ctx->max_uniq_toclient_groups == 20 &&
+        de_ctx->max_uniq_toserver_groups == 40)
         result = 1;
 
  end: